dfx-finance / protocol-v2 Goto Github PK
View Code? Open in Web Editor NEWA decentralized foreign exchange protocol optimized for stablecoins.
License: MIT License
A decentralized foreign exchange protocol optimized for stablecoins.
License: MIT License
In light of the recently published post-mortem, I was reviewing the existing audit coverage for this version of the protocol and saw that the Trail of Bits audit is included (it was imported with the rest of the audits in #73).
Having read the ToB audit when it was first published, I had assumed it was for V1. Slightly confused, I attempted to retrieve the commit specified in the report (906bd5274dcd07c458e6bbd6f13adced873ac952
), only to realise it really was for the V1 repo.
Whilst more communication is certainly better when it comes to security audit coverage, I think this communication would benefit from more clarity surrounding what exactly has been audited by who. I suppose the easiest fix would be to create subdirectories for each protocol version and have the relevant reports contained within those?
https://github.com/dfx-finance/protocol/blob/v2/contracts/CurveFactoryV2.sol#L99-#L102
Curve Factory V2 deploys a new USDC-USD assimilator with every new curve. Should change this because of it would cost a lot of money redeploying the same contract every time.
There are problems with deploying ANY contracts through foundry's forge create
as well as forge script
both don't work under any RPC i.e. alchemy. I even tested with multiple gas multipliers with no luck. Will need to open up an issue with foundry. Current work around will use a hardhat project to deploy. Mainnet should be working fine as I have tested on Goerli.
[] Opening up foundry issue for polygon ProviderError(JsonRpcError(JsonRpcError { code: -32000, message: "transaction underpriced", data: None }))
Using maple finance github actions is a good idea
ref: https://github.com/maple-labs/erc20/tree/main/.github/workflows
After some research probably should be using uniswapv3 code. Angle and aave doesn't fit what we're looking for i.e. mint flashloans.
Old CurveFactory Contract
function getCurve()
encodes id as bytes32 curveId = keccak256(abi.encode(_baseCurrency, _quoteCurrency));
which aligns with
newCurve()
encoding id as bytes32 curveId = keccak256(abi.encode(_baseCurrency, _quoteCurrency));
ref: https://github.com/dfx-finance/protocol/blob/main/contracts/CurveFactory.sol#L31-L46
New CurveFactoryV2 Contract
function getCurve()
only has one param bytes32 curveId = keccak256(abi.encode(_token));
which DOES NOT align with
newCurve
encoding with old id as bytes32 curveId = keccak256(abi.encode(_info._baseCurrency, _info._quoteCurrency));
ref: https://github.com/dfx-finance/protocol/blob/v2/contracts/CurveFactoryV2.sol#L85-L91
Slither needs to ignore some of the dependancies inorder to work well with github actions
Hardfork tests don't work because the infura API is no longer supported. Will have to store in github actions.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.